<?php
session_start();
ini_set("display_errors", 1);
require_once 'mysql_conn_3asY&AKj0qB1.php';
$username = escape_data($_REQUEST['username']);
$password = escape_data($_REQUEST['password']);
$query = "SELECT id, ac_times, submit_times FROM users WHERE username = '$username' AND password = MD5('$password');";
$result = @mysqli_query($NDSOJ_dbc, $query);
if (!$result) {
	echo '呃，看起来出了点小问题…请尽快联系我们。我们的E-mail：hcc@shiyihcc.com';
	mysqli_close($NDSOJ_dbc);
	//echo mysqli_error($NDSOJ_dbc);
}
else {
	$row = mysqli_fetch_array($result);
	if (!$row) {
		mysqli_free_result($result);
		mysqli_close($NDSOJ_dbc);
		echo '<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />';
		echo '<script type="text/javascript">alert("呃，用户名或密码输错了…");</script>';
		echo '<script type="text/javascript">window.location = "index.php";</script>';
	}
	else {
		$_SESSION['login'] = TRUE;
		$_SESSION['username'] = $username;
		$_SESSION['userid'] = $row['id'];
		$_SESSION['ac_times'] = $row['ac_times'];
		$_SESSION['submit_times'] = $row['submit_times'];
		//$_SESSION['theme'] = 1; get theme from DB.
		
		// 这是临时的解决方案，过一阵改掉。
		$_SESSION['admin'] = TRUE;
		$_SESSION['prob_privilege'] = TRUE;
		
		mysqli_free_result($result);
		mysqli_close($NDSOJ_dbc);
		echo '<script type="text/javascript">window.location = "index.php";</script>';
	}
}
?>
